thunderbird

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Standalone mail and news reader from mozilla.org
Version 52.6.0-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-530 52.4.0-2 52.5.0-1 Critical Fixed
AVG-441 52.3.0-2 52.4.0-1 Critical Fixed
AVG-385 52.2.1-1 52.3.0-1 Critical Fixed
AVG-303 52.1.1-1 52.2.0-1 Critical Fixed
AVG-193 45.7.1-3 45.8.0-1 Critical Fixed
AVG-158 45.6.0-1 45.7.0-1 Critical Fixed
AVG-91 45.5.0-1 45.5.1-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2017-7830 AVG-530 High Yes Same-origin policy bypass
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin...
CVE-2017-7828 AVG-530 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PressShell object...
CVE-2017-7826 AVG-530 Critical Yes Arbitrary code execution
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory...
CVE-2017-7824 AVG-441 Critical Yes Arbitrary code execution
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content in Thunderbird < 52.4. This is due to...
CVE-2017-7823 AVG-441 Medium Yes Cross-site scripting
The content security policy (CSP) sandbox directive in Thunderbird < 52.4  did not create a unique origin for the document, causing it to behave as if the...
CVE-2017-7819 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from...
CVE-2017-7818 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the...
CVE-2017-7814 AVG-441 Medium Yes Access restriction bypass
A security issue has been found in Thunderbird < 52.4. File downloads encoded with blob: and data: URL elements bypassed normal file download checks though...
CVE-2017-7810 AVG-441 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported...
CVE-2017-7809 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7807 AVG-385 High Yes Content spoofing
A domain hijacking flaw has been found in firefox < 55.0 and thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7805 AVG-441 Critical Yes Arbitrary code execution
A security issue has been found in Thunderbird < 52.4. During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved...
CVE-2017-7803 AVG-385 Medium Yes Access restriction bypass
A security issue has been found in firefox < 55.0 and thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 AVG-385 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7793 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the Fetch API of Thunderbird < 52.4, when the worker or the associated window are freed when still in use,...
CVE-2017-7792 AVG-385 High Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 AVG-385 Medium Yes Content spoofing
A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7787 AVG-385 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 AVG-385 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 AVG-385 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7779 AVG-385 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in firefox < 55.0 and thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7778 AVG-303 High Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7777 AVG-303 High Yes Information disclosure
An use of initialized memory has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in GlyphCache::Loader::read_glyph.
CVE-2017-7776 AVG-303 High Yes Information disclosure
A heap-buffer-overflow read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.
CVE-2017-7775 AVG-303 High Yes Denial of service
An assertion failure has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-7774 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.
CVE-2017-7773 AVG-303 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7772 AVG-303 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7771 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.
CVE-2017-7764 AVG-303 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" unicode block can be mixed with...
CVE-2017-7758 AVG-303 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, with the Opus encoder when the number of channels in an audio...
CVE-2017-7757 AVG-303 High Yes Arbitrary code execution
A use after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in IndexedDB when one of its objects is destroyed in memory while a...
CVE-2017-7756 AVG-303 High Yes Arbitrary code execution
A use after-free and use-after-scope vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, when logging errors from headers for XML HTTP...
CVE-2017-7754 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 54.0 and Thunderbird < 52.2, with a maliciously crafted ImageInfo object during WebGL operations.
CVE-2017-7753 AVG-385 High Yes Information disclosure
An out-of-bounds read  has been found in firefox < 55.0 and thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
CVE-2017-7752 AVG-303 Medium Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during specific user interactions with the input method editor (IME) in some...
CVE-2017-7751 AVG-303 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, in content viewer listeners.
CVE-2017-7750 AVG-303 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during video control operations when a <track> element holds a reference to an...
CVE-2017-7749 AVG-303 High Yes Arbitrary code execution
A user-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, when using an incorrect URL during the reloading of a docshell.
CVE-2017-5472 AVG-303 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in the frameloader during tree reconstruction while regenerating CSS...
CVE-2017-5470 AVG-303 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-5410 AVG-193 Critical Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for...
CVE-2017-5408 AVG-193 Medium Yes Information disclosure
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential...
CVE-2017-5407 AVG-193 High Yes Information disclosure
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user....
CVE-2017-5405 AVG-193 Low Yes Content spoofing
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
CVE-2017-5404 AVG-193 Critical Yes Arbitrary code execution
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This...
CVE-2017-5402 AVG-193 Critical Yes Arbitrary code execution
A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts.
CVE-2017-5401 AVG-193 Critical Yes Arbitrary code execution
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
CVE-2017-5400 AVG-193 Critical Yes Arbitrary code execution
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5398 AVG-193 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8.
CVE-2017-5396 AVG-158 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events...
CVE-2017-5390 AVG-158 High Yes Privilege escalation
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and...
CVE-2017-5383 AVG-158 Medium Yes Content spoofing
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,...
CVE-2017-5380 AVG-158 High Yes Arbitrary code execution
A potential use-after-free vulnerability during DOM manipulation of SVG content has been in Firefox < 51 and Thunderbird < 45.7.
CVE-2017-5378 AVG-158 High Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between...
CVE-2017-5376 AVG-158 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents.
CVE-2017-5375 AVG-158 Critical Yes Arbitrary code execution
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5373 AVG-158 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2016-9079 AVG-91 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution.

Advisories

Date Advisory Group Severity Description
30 Nov 2017 ASA-201711-43 AVG-530 Critical multiple issues
12 Oct 2017 ASA-201710-19 AVG-441 Critical multiple issues
23 Aug 2017 ASA-201708-18 AVG-385 Critical multiple issues
16 Jun 2017 ASA-201706-20 AVG-303 Critical multiple issues
10 Mar 2017 ASA-201703-2 AVG-193 Critical multiple issues
29 Jan 2017 ASA-201701-40 AVG-158 Critical multiple issues
01 Dec 2016 ASA-201612-2 AVG-91 Critical arbitrary code execution